Abstract

In Internet banking and Internet-related transactions, security and privacy are of great concern. To alleviate these concerns, the South African government has promulgated the Electronic Communications and Transactions (ECT) Act No. 25 of 2002. The Act regulates all electronic communication transactions in South Africa. Business organisations implement the Act by, for example, posting a privacy policy statement on their websites, which, in accordance with the requirements of the ECT Act, states how the organisation will use any personal identifiable information provided by the client. This study investigates whether South African banks that subscribe to the ECT Act comply with the principles relating to the protection of a consumer's personal information. The study employed the research methods of content analysis and interviews. The findings indicate that some banks only complied with a few of the ECT Act principles, which, according to the interview respondents, undermines the levels of trust which are in play between their banks and themselves. The respondents themselves were not fully aware of all the ECT Act requirements. This lack of awareness results in consumers failing to assess the comprehensiveness of their bank's policy statements and to what extent such banks comply with the ECT Act.